How Small Is Too Small?

Not a rhetorical question! This week we consider the most micro microcontroller: the HC32L110. It’s the new title holder of the smallest ARM Cortex M0+ part. But could you actually use it?

MCU is the black thing that’s smaller than the capacitor.

I remember way back, when I first learned to solder surface-mount components. It was fiddly at first, but nowadays I don’t use through-hole components unless someone’s twisting my arm. And I still do my soldering myself — down to 0603 really isn’t all that bad with an iron, and below that, there’s always the heat plate. My heat plate has also gotten me through the two times I’ve actually needed to put down a ball-grid-array part. It wasn’t as bad as I had feared, honestly.

So maybe it’s time for me to take the BGA plunge and design a board or two just to get more familiar with the tech. I probably won’t dive straight into the deep end, like the featured chip here with 0.35 mm ball pitch, but rather stick with something that the cheap PCB services can easily handle. My experience tells me that the best way to learn something is just to test it out.

Now, off to go part shopping in the middle of a chip crisis! Wish me luck.

You Break It, We Fix It

Apple’s AirTags have caused a stir, but for all the wrong reasons. First, they turn all iPhones into Bluetooth LE beacon repeaters, without the owner’s permission. The phones listen for the AirTags, encrypt their location, and send the data on to the iCloud, where the tag’s owner can decrypt the location and track it down. Bad people have figured out that this lets them track their targets without their knowledge, turning all iPhone users into potential accomplices to stalkings, or worse.

Naturally, Apple has tried to respond by implementing some privacy-protecting features. But they’re imperfect to the point of being almost useless. For instance, AirTags now beep once they’ve been out of range of their owner’s phone for a while, which would surely alert the target that they’re being tracked, right? Well, unless the evil-doer took the speaker out, or bought one with the speaker already removed — and there’s a surprising market for these online.

If you want to know that you’re being traced, Apple “innovated with the first-ever proactive system to alert you of unwanted tracking”, which almost helped patch up the problem they created, but it only runs on Apple phones. It’s not clear what they meant by “first-ever” because hackers and researchers from the SeeMoo group at the Technical University of Darmstadt beat them to it by at least four months with the open-source AirGuard project that runs on the other 75% of phones out there.

Along the way, the SeeMoo group also reverse engineered the AirTag system, allowing anything that can send BLE beacons to play along. This opened the door for [Fabian Bräunlein]’s ID-hopping “Find You” attack that breaks all of the tracker-detectors by using an ESP32 instead of an AirTag. His basic point is that most of the privacy guarantees that Apple is trying to make on the “Find My” system rely on criminals using unmodified AirTags, and that’s not very likely.

To be fair, Apple can’t win here. They want to build a tracking network where only the good people do the tracking. But the device can’t tell if you’re looking for your misplaced keys or stalking a swimsuit model. It can’t tell if you’re silencing it because you don’t want it beeping around your dog’s neck while you’re away at work, or because you’ve planted it on a luxury car that you’d like to lift when its owners are away. There’s no technological solution for that fundamental problem.

But hackers are patching up the holes they can, and making the other holes visible, so that we can at least have a reasonable discussion about the tech’s tradeoffs. Apple seems content to have naively opened up a Pandora’s box of privacy violation. Somehow it’s up to us to figure out a way to close it.

Against The Cloud

One of our writers is working on an article about hosting your own (project) website on your own iron, instead of doing it the modern, cloudy-servicey way. Already, this has caused quite a bit of hubbub in the Hackaday Headquarters. Who would run their own server in 2022, and why?

The arguments against DIY are all strong. If you just want to spin up a static website, you can do it for free in a bazillion different places. GitHub’s Pages is super convenient, and your content is version controlled as a side benefit. If you want an IoT-type data-logging and presentation service, there are tons of those as well — I don’t have a favorite. If you want e-mail, well, I don’t have to tell you that a large American search monopoly offers free accounts, for the low price of slurping up all of your behavioral data. Whatever your need, chances are very good that there’s a service for you out there somewhere in the cloud.

And that’s awesome if you only want the service provided. But what if you want to play around? Or learn how it all works under the hood? This is Hackaday!

For instance, you could run your own mail server just for your friends and family. The aforementioned search monopolist will probably flag all of your e-mail as spam, partly because they don’t trust small e-mail providers, and partly because that’s the “m” in monopoly. But if you can get folks to whitelist the addresses, you’ll be in business. And then you open up a world of fun and foolery. You can write hooks to automatically handle mail, or you can create an infinite number of mail accounts, even on the fly as per Spamgourmet, the most awesome anti-spam tool of the last 30 years. Or you can invent your own. Run a mailing list for your relatives. Or do something stupid.

I used to run a service where, when a particular account received an e-mail, the attached photo was pushed up to a website with the subject line as the caption. Instant photo-blog, of the strangest and least secure sort. Getting it running was a few lines of Bash scripting, and an afternoon of fun. Is there a service that does this, already existing in the cloud? Probably. One that allows you a little privacy and doesn’t track your every move? Maybe. But even if there is, would I have learned about sendmail by using this service? Nope!

I hear you saying “security” under your breath, and you’re right. This system was secured by a lock made of purest obscurity. But still, in seven years of running the service, nobody guessed the magic e-mail address, not once. Knowledge of the e-mail address was essentially a password, but if I needed extra security I probably could have implemented it in a few lines of Bash anyway. The webpage itself was static HTML, so good luck with that, Hackerman! (The site’s been down for a while now, so you missed your chance.)
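For the curious, here is roughly what that extra security could look like. This is an added example, not the script that ran the original service: the shared token in the subject line, the `BLOG_TOKEN` variable and both function names are assumptions, and it only handles plain ASCII subjects. It reads the subject from the real headers only, refuses mail without the token, and HTML-escapes the caption before it gets anywhere near the static page.

```shell
#!/bin/sh
# Added example: authorization gate for a mail-to-photo-blog hook.
# BLOG_TOKEN and both function names are hypothetical, not from the original service.

# Constructed sample secret; a real hook would read it from a file only its user can read.
BLOG_TOKEN='constructed-sample-token'

# Print the first Subject header of the message on stdin, with folded
# continuation lines joined. Stops at the blank line that ends the headers,
# so a "Subject:" line inside the body is never considered.
get_subject() {
    tr -d '\r' | awk '
        /^$/ { exit }
        insub && /^[ \t]/ { sub(/^[ \t]+/, " "); s = s $0; next }
        { insub = 0 }
        !seen && tolower($0) ~ /^subject:/ {
            seen = 1; insub = 1; s = $0; sub(/^[^:]*:[ \t]*/, "", s)
        }
        END { print s }
    '
}

# Read a message on stdin. If its subject starts with "[<token>] ", print the
# rest as an HTML-escaped caption (max 200 characters) and return 0; else return 1.
caption_if_authorized() {
    subject=$(get_subject)
    prefix="[$BLOG_TOKEN] "
    case "$subject" in
        "$prefix"*) caption=${subject#"$prefix"} ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$caption" | cut -c1-200 |
        sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
            -e 's/"/\&quot;/g' -e "s/'/\\&#39;/g"
}

# Constructed sample message: folded subject, markup in the caption, decoy in the body.
sample=$(printf '%s\n' 'From: a@example.org' \
    'Subject: [constructed-sample-token] Cat <b>nap</b>' ' & more' '' \
    'Subject: [constructed-sample-token] decoy')
printf '%s\n' "$sample" | caption_if_authorized
```

The token travels in cleartext just like the address does, so this is a second guessable-only-if-leaked secret rather than real authentication; the escaping step is what keeps a hostile subject line from becoming markup on the page.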

If you just want a service, you can be served. But if you want to be a server, a first-class Internet citizen, with your own cloud in the sky, nothing’s stopping you either. And in contrast to using someone else’s computers, running your own is an invitation to play. It’s a big, Internet-connected sandbox. There are an infinity of funny ideas out there that you can implement on your own box, and a lot to learn. If you hack on someone else’s box, it’s a crime. If you hack on your own, it’s a pleasure.

I know it’s anachronistic, but give it a try. (PDF, obscenity, uncorrected typos.) Be your own cloud.

Bionic Eyes Go Dark

If you were blind, having an artificial retinal implant would mean the difference between seeing a few hundred pixels in greyscale and seeing all black, all the time. Imagine that you emerged from this total darkness, enjoyed a few years of mobility and your newfound sense, and then everything goes dark again because the company making the devices abandoned them for financial reasons.

This is a harrowing tale of closed-source technology, and how a medical device that relies on proprietary hard- and software essentially holds its users hostage to the financial well-being of the company that produces it. When that company is a brash startup, with plans of making money by eventually pivoting away from retinal implants to direct cortical stimulation — a technology that’s in its infancy at best right now — that’s a risky bet to take. But these were people with no other alternative, and the technology is, or was, amazing.

One blind man with an implant may or may not have brain cancer, but claims that he can’t receive an MRI because Second Sight won’t release details about his implant. Those bugs in your eyes? When the firm laid off its rehab therapists, patients were told they weren’t going to get any more software updates.

If we were CEO of Second Sight, we know what we would do with our closed-source software and hardware right now. The company is facing bankruptcy, has lost significant credibility in the medical devices industry, and is looking to pivot away from the Argus system anyway. They have little to lose, and a tremendous amount of goodwill to gain, by enabling people to fix their own eyes.

Thanks to [Adrian], [Ben], [MLewis], and a few other tipsters for getting this one in!

The Weirdest Hack

I was on the FLOSS podcast (for the Episode of the Beast no less!) and we were talking all about Hackaday. One of the hosts, secretly Hackaday’s own Jonathan Bennett in disguise, asked me what the weirdest hack I’d ever seen on Hackaday was. Weird?!?!

I was caught like a deer in headlights. None of our hacks are weird! Or maybe all of them are? I dunno, it certainly depends on your perspective. Is it weird to build a box that makes periodic meowing noises to hide in a friend’s closet? Is it weird to design new and interesting wheels for acrobats to roll themselves around in? Is it weird to want a rainbow-colored USB DIP switch? Is it weird that these are all posts from the last week?

OK, maybe we are a little bit weird. But that’s the way we like it. Keep it weird and wonderful, Hackaday. You’ve got enough normal stuff to do eight hours a day!

Code Wrong: Expand Your Mind

The really nice thing about doing something the “wrong” way is that there’s just so much variety! If you’re doing something the right way, the fastest way, or the optimal way, well, there’s just one way. But if you’re going to do it wrong, you’ve got a lot more design room.

Case in point: esoteric programming languages. The variety is stunning. There are languages intended to be unreadable, or to sound like Shakespearean sonnets, or cooking recipes, or hair-rock ballads. Some of the earliest esoteric languages were just jokes: compilations of all of the hassles of “real” programming languages of the time, but yet made to function. Some represent instructions as a grid of colored pixels. Some represent the code in a fashion that’s tantamount to encryption, and the only way to program them is by brute forcing the code space. Others, including the notorious Brainf*ck, are actually not half as bad as their rap — it’s a very direct implementation of a Turing machine.

So you have a set of languages that are designed to be maximally unlike each other, or traditional programming languages, and yet still be able to do the work of instructing a computer to do what you want. And if you squint your eyes just right, and look at as many of them all together as you can, what emerges out of this blobby intersection of oddball languages is the essence of computing. Each language tries to be as wrong as possible, so what they have in common can only be the unavoidable core of coding.

While it might be interesting to compare and contrast Java and C++, or Python, nearly every serious programming language has so much in common that it’s just not as instructive. They are all doing it mostly right, and that means that they’re mostly about the human factors. Yawn. To really figure out what’s fundamental to computing, you have to get it wrong.